bps-arq-ajax.js – 403 error
This topic has 12 replies, 4 voices, and was last updated 5 years, 7 months ago by Qtwix.
Max
Participant
Hi there
I used WP Duplicator to clone a site. I can highly recommend. It basically downloads all files and the db and then uploads files and restores in a new db. I wanted to move one site to another host (different company).
I did NOT disable or tinker with BPS before starting the clone/copy process. I only disabled ARQ.
After the import/setup of the new site, it works fine but BPS causes a BPS error with bps-arq-ajax.js
Moreover the AIT BPS Pro Menu items that line up next, are not stacked top down. That wasn’t the case before.
[403 GET Request: 10. September 2016 - 10:56]
Event Code: PFWR-PSBR-HPR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: xxx.xxx.xxx.xxx
Host Name: ip-xxx-xxx-xxx-xxx.local
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR: xxx.xxx.xxx.xxx
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://www.site.ch/wp-admin/
REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=12.3
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.101 Safari/537.36
AITpro Admin
Keymaster
This particular error has to do with WP AJAX and logging into your site as a non-admin. ie if a Subscriber logs into your site then this particular WP AJAX error will be generated, which is fine and just sort of a nuisance thing that will be fixed in the next BPS version. So is there another issue/problem going on? Seems like you are saying everything is ok and you just noticed this particular error, correct?
Max
Participant
I am admin. The published site (only a test site) works fine.
The wp-admin section takes up to 60s to load.
Using query manager I identified that all update-checks (including built in) cause a delay of 3-5s encountering “cURL error 28: Resolving timed out” e.g. https://api.wordpress.org/plugins/update-check/1.1/
This has probably nothing to do with BPS but with duplicating/migrating or moving/copying wp_config from a VPS to a shared host. I am investigating.
AITpro Admin
Keymaster
Yep, this is not a BPS error message. BPS only uses cURL when running the Setup Wizard or using the cURL Scan Pro-Tool. When I google this search term: “cURL error 28: Resolving timed out” I see several possible general solutions. So probably you want to do standard WordPress troubleshooting steps. ie deactivate plugins and switch your theme temporarily.
Max
Participant
I have more of those BPS js errors. Which module is causing the error?
HTTP_REFERER: http://www.mysite.com/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fsecurity-log%2Fsecurity-log.php
REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-ui-tabs.js?ver=12.3
HTTP_REFERER: http://www.mysite.com/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fsecurity-log%2Fsecurity-log.php
REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-ui-dialog.js?ver=12.3
QUERY_STRING:
HTTP_REFERER: http://www.mysite.com/wp-admin/admin.php?page=bulletproof-security%2Fadmin%2Fsecurity-log%2Fsecurity-log.php
REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-ui-accordion.js?ver=12.3
QUERY_STRING:
etc.
AITpro Admin
Keymaster
Hmm, then maybe what is going on is a combo problem like something is interfering with the BPS Pro Plugin Firewall, which is then causing errors/other things to break. I took a look at this site: http://www.site.ch/ in the first Security Log entry you posted, but it does not appear to be a WordPress site when I look at the Source Code of your home page. So post a link to the WP site that is having problems so I can look at the frontend Source Code for some clues. Do BPS Pro troubleshooting step #3: http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting and let me know if the errors go away.
Qtwix
Participant
Hi,
I have the same issue on all my sites where I’ve installed BPS Pro. I get a huge amount of log messages like:
[403 GET Request: Oktober 18, 2017 - 8:33]
BPS Pro: 13.3.3
WP: 4.8.2
Event Code: PFWR-PSBR-HPRA
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 194.230.159.162
Host Name: 194.230.159.162
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://fclandquart.ch/wp-admin/
REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=13.3.3
QUERY_STRING: ver=13.3.3
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

[403 GET Request: Oktober 18, 2017 - 8:33]
BPS Pro: 13.3.3
WP: 4.8.2
Event Code: PFWR-PSBR-HPRA
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 194.230.159.162
Host Name: 194.230.159.162
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://fclandquart.ch/wp-admin/edit.php?post_type=page
REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=13.3.3
QUERY_STRING: ver=13.3.3
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

[403 GET Request: Oktober 18, 2017 - 8:33]
BPS Pro: 13.3.3
WP: 4.8.2
Event Code: PFWR-PSBR-HPRA
Solution: https://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 194.230.159.162
Host Name: 194.230.159.162
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: https://fclandquart.ch/wp-admin/post.php?post=101&action=edit
REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/bps-arq-ajax.js?ver=13.3.3
QUERY_STRING: ver=13.3.3
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Any idea why BPS Pro is blocking its own script?
Thanks
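A triage script for Security Log pastes like the ones above, added here as an example; it is not BPS Pro code and not part of any post in this thread. It parses entries whether they are one field per line or flattened into a single run, and counts 403 responses per event code and plugin script path. The field labels and event code are the ones visible in this thread; the sample entries, host and IP address are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Field labels as they appear in the Security Log entries quoted in this thread.
LABELS = ["BPS Pro", "WP", "Event Code", "Solution", "REMOTE_ADDR", "Host Name",
          "SERVER_PROTOCOL", "HTTP_CLIENT_IP", "HTTP_FORWARDED",
          "HTTP_X_FORWARDED_FOR", "HTTP_X_CLUSTER_CLIENT_IP", "REQUEST_METHOD",
          "HTTP_REFERER", "REQUEST_URI", "QUERY_STRING", "HTTP_USER_AGENT"]
LABEL_RE = re.compile(r"(?:^|(?<=\s))(" + "|".join(map(re.escape, LABELS)) + r"):")
HEADER_RE = re.compile(r"\[(\d{3}) (\w+) Request: ([^\]]*)\]")

def parse_entries(text):
    """Split a log (one field per line, or flattened) into one dict per entry."""
    headers = list(HEADER_RE.finditer(text))
    entries = []
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        body = text[h.end():end]
        entry = {"status": h.group(1), "method": h.group(2), "time": h.group(3)}
        marks = list(LABEL_RE.finditer(body))
        for j, m in enumerate(marks):
            stop = marks[j + 1].start() if j + 1 < len(marks) else len(body)
            entry[m.group(1)] = body[m.end():stop].strip()  # empty fields -> ""
        entries.append(entry)
    return entries

def blocked_plugin_scripts(entries):
    """Count 403s per (event code, plugin script path); query string dropped."""
    hits = Counter()
    for e in entries:
        path = urlsplit(e.get("REQUEST_URI", "")).path
        if e["status"] == "403" and path.startswith("/wp-content/plugins/"):
            hits[(e.get("Event Code", ""), path)] += 1
    return hits

# Constructed sample entries (documentation IP, example.com), flattened on purpose.
_E = ("[403 GET Request: October 18, 2017 - 8:33] Event Code: {code} "
      "REMOTE_ADDR: 203.0.113.7 HTTP_CLIENT_IP: HTTP_FORWARDED: REQUEST_METHOD: GET "
      "HTTP_REFERER: https://example.com/wp-admin/{page} "
      "REQUEST_URI: /wp-content/plugins/bulletproof-security/admin/js/{js}?ver=13.3.3 "
      "QUERY_STRING: ver=13.3.3 HTTP_USER_AGENT: Mozilla/5.0 (constructed) ")
SAMPLE = (_E.format(code="PFWR-PSBR-HPRA", page="", js="bps-arq-ajax.js")
          + _E.format(code="PFWR-PSBR-HPRA", page="edit.php?post_type=page", js="bps-arq-ajax.js")
          + _E.format(code="PFWR-PSBR-HPRA", page="", js="bps-ui-tabs.js"))

if __name__ == "__main__":
    for (code, path), n in blocked_plugin_scripts(parse_entries(SAMPLE)).most_common():
        print(n, code, path)
```

Grouping by script path rather than by referer shows at a glance whether one script is refused on every wp-admin page or many different scripts are refused at once.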
AITpro Admin
Keymaster
@ Qtwix – I checked your site and see that it is being minified by LiteSpeed Cache. Frontend minification breaks the Plugin Firewall so it is possible, but not likely, that somehow this is also affecting your wp-admin backend area. Try BPS Pro troubleshooting step #3 > https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting to check if the problem has something to do with the BPS Pro Plugin Firewall. Let me know what happens after deactivating the BPS Pro Plugin Firewall.
Qtwix
Participant
I think you are right. It has something to do with the PFW. However, it’s not the LiteSpeed Cache, as I have the same issue with other sites too, running on an Apache without any caching or minifying plugin. Yesterday, I manually updated the plugins script|file whitelist with bulk Regex (.*) wildcard rules for each plugin to make sure nothing gets accidentally blocked by the PFW. So far I did not get any more of this kind of issue. I already had the impression that the issue happened if something got blocked, but I was not able to reliably make it out. But if I remove a script from the whitelist, I can reproduce the issue. I think I’ll keep it for now and in case I’ll get more errors of this kind, I’ll get back to this topic…
Thanks!
Rafael Da Costa
Participant
I am having the same problem. I am not using any cache plugin yet but using a membership plugin.
I’ve tried “BPS Pro troubleshooting step #3 > https://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting to check if the problem has something to do with the BPS Pro Plugin Firewall.”
I’ve tried the Plugin Firewall Test Mode and done everything that could be done on the website. Auto pilot is on w/ Cron check every 1 minute.
I also tried to whitelist “bulletproof-security/admin/(.*).js” AND of course the system did not let me 😐
The “java” user agent has already been removed from the “CUSTOM CODE BPSQSE BPS QUERY STRING EXPLOITS”
I need to make this website live next week, thus my last resort was to contact you.
Hope you can help
Thanks
Ra
AITpro Admin
Keymaster
@ Rafael Da Costa – Try these Plugin Firewall fix steps > https://forum.ait-pro.com/forums/topic/plugin-firewall-read-me-first-troubleshooting/ > “Reset|Clear The Plugin Firewall (fixes most if not all Plugin Firewall issues/problems)”. Since you mentioned this site is still in development then if you are using a Maintenance Mode plugin then there are several of them that break the Plugin Firewall. Typically you want to leave the Plugin Firewall turned Off when you are developing a website or temporarily turn Off whichever Maintenance Mode plugin you are using, run PFW Test Mode to get all Plugin Firewall whitelist rules and then turn it Off again until the site goes live.
Rafael Da Costa
Participant
I’ve tried the “Reset|Clear The Plugin Firewall” before and it did not work – I am gonna turn the firewall off until it’s 100% finished and live.
Thanks
Qtwix
Participant
Just want to let you know:
After whitelisting all the plugin scripts with Regex, the issue is definitively gone. I didn’t get this error anymore. I think the reason was that the AutoPilot was not able to update the whitelist rules for some reason (WAF/ModSecurity or not) and then, BPS Pro was blocking a script which actually should have been whitelisted which seems to have caused this error in some way.
@Rafael Da Costa: You have to whitelist all your plugin scripts including the leading slash (but not the BPS Pro plugin) e.g.:
/contact-form-7/includes/js/(.*).js